Vulnerabilities > Netapp > Clustered Data Ontap > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-07-17 CVE-2017-7947 Information Exposure vulnerability in Netapp Clustered Data Ontap 8.3.2/9.0/9.1
NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line.
network
low complexity
netapp CWE-200
6.5
2017-04-10 CVE-2017-7345 Information Exposure vulnerability in Netapp Clustered Data Ontap 7.1
NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
netapp CWE-200
5.3
2017-01-30 CVE-2016-2518 Out-of-bounds Read vulnerability in multiple products
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
network
low complexity
ntp debian netapp oracle redhat freebsd siemens CWE-125
5.3
2017-01-30 CVE-2015-7977 NULL Pointer Dereference vulnerability in multiple products
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
5.9
2017-01-30 CVE-2015-7973 7PK - Security Features vulnerability in multiple products
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
network
high complexity
ntp siemens freebsd netapp canonical CWE-254
6.5
2016-09-01 CVE-2016-3064 Information Exposure vulnerability in Netapp Clustered Data Ontap
NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors.
network
low complexity
netapp CWE-200
6.5
2016-04-07 CVE-2016-1563 Improper Input Validation vulnerability in Netapp Clustered Data Ontap 8.3.1
NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
netapp CWE-20
6.8